On Sun, 9 Feb 2025 at 13:34, Elliotte Rusty Harold <elh...@ibiblio.org> wrote: > > On Sun, Feb 9, 2025 at 8:00 AM Slawomir Jaranowski > <s.jaranow...@gmail.com> wrote: > > > We have a simple statistic > > https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-dist-tool/job/master/site/dist-tool-committers-stats.html > > > > To remove somebody we need a procedure for it. > > Great. I'm glad we already have the information we need. I see 72 > committers and maybe 20% of those have been active in the last few > years. I'm not sure what the technical procedure for removing > committer privileges is. I don't have admin access on the github or > svn repos. However as policy I propose:
As I know we don't manage access rights separately for each service. We can manage assignments to LDAP groups https://whimsy.apache.org/public/ by whimsy service. > > 1. Once a year, shortly after January 1, an admin manually removes > committership from anyone who hasn't committed in the previous 4 > years. For instance, right now we would revoke commitership from > anyone whose last commit was in 2020 or earlier. The size of the task > doesn't feel worth automating. > > 2. If a former committer notices they no longer have permissions and > wants them back to do some work, they just have to ask here on dev@ > and they will be regranted. They don't have to prove themselves worthy > of committer privileges again. They've already done that. > > 3. Other privileges like issue filing and PMC voting remain in effect > as these aren't especially risky. > > There might be other permissions like the ability to push to the > website or control the mailing lists we should also lock down. I don't > know exactly how that works, but if anyone does please speak up. > > To be clear, we're not banning anyone. We're simply being cautious > about active permissions given the risk of compromised old accounts. > With 72 committers some of whom haven't been heard from in over ten > years, it's likely some of these accounts are effectively defunct. > It's even possible some developers are deceased. > Generally I agree - but we should start separate thread for discussion, and finally finish by VOTE. > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > -- Sławomir Jaranowski --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org